<?php
if ($_REQUEST['upd_info']) {
	$year 				= escapestr($_REQUEST["year"]);
	$month 				= escapestr($_REQUEST["month"]);
	$day	 				= escapestr($_REQUEST["day"]);
	$gender				= escapestr($_REQUEST["gender"]);
	$orientation	= escapestr($_REQUEST["orientation"]);
	$status				= escapestr($_REQUEST["status"]);
	$drink				= escapestr($_REQUEST["drink"]);
	$smoke				= escapestr($_REQUEST["smoke"]);
	$snus					= escapestr($_REQUEST["snus"]);
	$drugs				= escapestr($_REQUEST["drugs"]);
					
	$query        = "UPDATE info set year='".$year."', 
												month='".$month."',
												day='".$day."',
													gender='".$gender."',
													orientation='".$orientation."',
													status='".$status."',
													drink='".$drink."',
													smoke='".$smoke."',
													snus='".$snus."',
													drugs='".$drugs."'
					 				where id='" . $id ."'";
	$result = mysql_query($query);
	if ($result) $SITE_MIDDLE .= FormatElement( GetLangString ( $lang , "txt_personalinfo") , GetLangString ( $lang , "msg_saved"));
	else $SITE_MIDDLE .= FormatElement( GetLangString ( $lang , "txt_error") , GetLangString ( $lang , "msg_dberror"));
} else
	

if ($_REQUEST['upd_profile']) {

	$about 		= escapestr(text2html($_REQUEST["about"]));
	$like 		= escapestr(text2html($_REQUEST["like"]));
	$dislike 	= escapestr(text2html($_REQUEST["dislike"]));
	$music 		= escapestr(text2html($_REQUEST["music"]));
	$film 		= escapestr(text2html($_REQUEST["film"]));
	$book			= escapestr(text2html($_REQUEST["book"]));
					
	$query    =  "UPDATE `profile` set 
													`about`='".$about."', 
													`like`='".$like."',
													`dislike`='".$dislike."',
													`music`='".$music."',
													`film`='".$film."',
													`book`='".$book."'
						 where `id`='" . $id ."'";
	if (SecurityCheck($query)) $SITE_MIDDLE .= FormatElement( GetLangString ( $lang , "txt_error") , GetLangString ( $lang , "msg_baddata"));
	else {
		$result = mysql_query($query);
		if ($result) $SITE_MIDDLE .= FormatElement( GetLangString ( $lang , "txt_profiletext") , GetLangString ( $lang , "msg_saved")); 
		else $SITE_MIDDLE .= FormatElement( GetLangString ( $lang , "txt_error") , GetLangString ( $lang , "msg_dberror"));
	}
} 
else

if ($_REQUEST['upd_pwd']) {
	if (!strcmp($_REQUEST['newpwd'],$_REQUEST['again'])) {
	  $newhash = md5 ($_REQUEST['newpwd']);
		$query   = "UPDATE users set password='".$newhash."' where id=" . $id ;
		$result   = mysql_query($query);
		if ($result) $SITE_MIDDLE .= "Saved"; 
		else $SITE_MIDDLE .= "Error while saving data.";
	} 
	else $SITE_MIDDLE .= "Password not changed because passwords did not match";
} 
else 

if ($_REQUEST['upd_mail']) {
	$email = escapestr($_REQUEST["email"]);
	$query   = "UPDATE users set email='$email' where id=" . $id ;
	if (SecurityCheck($query)) $SITE_MIDDLE .= "Your profile text contains insecure data";
	else {
		$result = mysql_query($query);
		if ($result) $SITE_MIDDLE .= "Saved"; 
		else $SITE_MIDDLE .= "Error while saving data.";
	}
}
?>
